Skip to navigation

Security Advisory gnupg security update

Advisory: RHSA-2006:0571-4
Type: Security Advisory
Severity: Moderate
Issued on: 2006-07-18
Last updated on: 2006-07-18
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-3082

Details

An updated GnuPG package that fixes a security issue is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 4a09e2928900d8a82c2d783c7eb2d296
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Desktop (v. 4)

IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 47e0360b4534d7220dd01f5dbdf11d72
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 64689932318e0b756e64d1b4cfd4c850
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
gnupg-1.0.7-17.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0cc151d11326fd2358805f4586a53184
 
IA-64:
gnupg-1.0.7-17.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: c1b68462b1b4d696fa9e90e38f6f54d7
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 4a09e2928900d8a82c2d783c7eb2d296
 
IA-64:
gnupg-1.2.1-16.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 9e5c54d0ab18653e474d55b7dbf239f4
 
PPC:
gnupg-1.2.1-16.ppc.rpm
File outdated by:  RHSA-2007:0106
    MD5: 950443789619df4f52cdf43ab0fec80c
 
s390:
gnupg-1.2.1-16.s390.rpm
File outdated by:  RHSA-2007:0106
    MD5: 7e791472c18454f8f9a0e5efbee1ef87
 
s390x:
gnupg-1.2.1-16.s390x.rpm
File outdated by:  RHSA-2007:0106
    MD5: 14b9d593377b1e01a1dae543cc1716ad
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 47e0360b4534d7220dd01f5dbdf11d72
 
IA-64:
gnupg-1.2.6-5.ia64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 8bcbf0ee44c28eda3700601462f8f279
 
PPC:
gnupg-1.2.6-5.ppc.rpm
File outdated by:  RHBA-2010:0447
    MD5: b5441d9d4ade66a04f4cdea1ddbdd307
 
s390:
gnupg-1.2.6-5.s390.rpm
File outdated by:  RHBA-2010:0447
    MD5: d7b5cfdd8c6f094a296c158922fe9b2e
 
s390x:
gnupg-1.2.6-5.s390x.rpm
File outdated by:  RHBA-2010:0447
    MD5: 5d50e214254980abd03cd087eacf35bd
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 64689932318e0b756e64d1b4cfd4c850
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
gnupg-1.0.7-17.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0cc151d11326fd2358805f4586a53184
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 4a09e2928900d8a82c2d783c7eb2d296
 
IA-64:
gnupg-1.2.1-16.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 9e5c54d0ab18653e474d55b7dbf239f4
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 47e0360b4534d7220dd01f5dbdf11d72
 
IA-64:
gnupg-1.2.6-5.ia64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 8bcbf0ee44c28eda3700601462f8f279
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 64689932318e0b756e64d1b4cfd4c850
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
gnupg-1.0.7-17.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0cc151d11326fd2358805f4586a53184
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
gnupg-1.2.1-16.i386.rpm
File outdated by:  RHSA-2007:0106
    MD5: 4a09e2928900d8a82c2d783c7eb2d296
 
IA-64:
gnupg-1.2.1-16.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 9e5c54d0ab18653e474d55b7dbf239f4
 
x86_64:
gnupg-1.2.1-16.x86_64.rpm
File outdated by:  RHSA-2007:0106
    MD5: 0e9ea49121b053d9a8bc67c50cf70673
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
gnupg-1.2.6-5.i386.rpm
File outdated by:  RHBA-2010:0447
    MD5: 47e0360b4534d7220dd01f5dbdf11d72
 
IA-64:
gnupg-1.2.6-5.ia64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 8bcbf0ee44c28eda3700601462f8f279
 
x86_64:
gnupg-1.2.6-5.x86_64.rpm
File outdated by:  RHBA-2010:0447
    MD5: 64689932318e0b756e64d1b4cfd4c850
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
gnupg-1.0.7-17.ia64.rpm
File outdated by:  RHSA-2007:0106
    MD5: c1b68462b1b4d696fa9e90e38f6f54d7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

195945 - CVE-2006-3082 gnupg integer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/